Re: 2.2/2.4/2.6 VMs: do malloc() ever return NULL?

[Ihar 'Philips' Filipau]

Richard B. Johnson wrote:
> As documented, malloc() will never fail as long as there
> is still address space (not memory) available. This is
> the required nature of the over-commit strategy. This is
> necessary because many programs never even touch all the
> memory they allocate.

  We are reading different mans? My man malloc(3) clearly states that 
malloc() can return NULL. (*)

  May I ask you one question? Did you were ever doing once graceful
failure of application under memory pressure? Looks like not.

  I can guess why sendmail allocates memory it never touches - memory
pools. There are situations where you really cannot fail - and memory
allocation failures are really nasty. Do you wanna to lose your e-mails? 
No? So then think twice, while implementing lazy allocators.

  So from my tests I see that by default Linux is not safe. You allocate
memory - malloc() != NULL. Then later you try to write to this memory
and you get killed by oom_killer. What is the point of this? Your
reasoning doesn't sound to me.

  Memory pools used by applications exactly to make grace error
handling under memory pressure - but it looks like this stuff under
Linux gets no testing at all. And default settings could make from
simple bug complete disaster.

> You can turn OFF over-commit by doing:
>
> echo "2" >proc/sys/vm/overcommit_memory
>
> However, you will probably find that many programs fail
> or seg-fault when normally they wouldn't. So, if you don't
> mind restarting sendmail occasionally, then turn off over-commit.
>

  I shall try overcommit_memory == 2 tomorrow and say what I see.

P.S. For example application I have ported right now to kernel space has
a limitiation - it must never ever allocate memory: memory consumption
is known, protocol just have no situation like ENOMEM - it _must_ fail
to initialize on start-up. No - not to being killed by oom_killer in
middle of processing. think carrier grade and/or just good programming
technics.

(*) Great optimization opportunities: remove from all programmes checks 
of the return value if malloc(). As by your words - why not?

--
Ihar 'Philips' Filipau  / with best regards from Saarbruecken.
--                                                           _ _ _
 Because the kernel depends on it existing. "init"          |_|*|_|
 literally _is_ special from a kernel standpoint,           |_|_|*|
 because its' the "reaper of zombies" (and, may I add,      |*|*|*|
 that would be a great name for a rock band).
                                -- Linus Torvalds


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/